
How can junior engineers safely use cloud providers like Google Cloud or AWS for side projects without risking running up large bills?

Junior Engineer at JPMorgan Chase, a month ago

The question applies to everyone - but particularly to juniors with little experience using cloud services.

For instance, I once built a CRUD web app using Firebase. However, I was wary of providing payment info, given the numerous stories of people getting large bills from accidental overuse or DDoSing. Thus, I wasn’t able to use Cloud Functions, leading to me using Firebase antipatterns.

For instance:

  • Creating new user’s profile data in the frontend (instead of a Cloud Function)

  • Building a dedicated backend to securely make third-party API calls

  • Manually versioning my production data by downloading JSON (no backups available on free tier)

I even considered migrating my web app to Supabase, which doesn’t have this problem (and is also SQL-based), just so I could avoid doing silliness in my code.

More recently, I’d like to build a hacky side project needing a service from Azure (or AWS, or Google Cloud). I could build an MVP in a few hours on the weekend (in fact, I already did - now I just need to connect it to the service). However, I’m wary of providing payment information.
I understand the typical policy is to forgive accidental misuse.

However, I’d prefer to use these tools properly instead of relying on goodwill (which, as Netlify recently proved, isn’t always reliable).

After all, it would be atrocious marketing to punish small players when most of cloud providers’ revenue comes from large, established organizations operating at scale.

How might I approach this? I’d be interested to hear your thoughts - I know Taro runs on Firebase!

79
6

Discussion

(6 comments)
  • 0
    Tech Lead @ Robinhood, Meta, Course Hero
    a month ago

    Firebase is unfortunately very crappy with this, and I remember reading a similar horror story for Firebase/GCP on Reddit a couple of years ago about a massive bill resulting from an attack. For Firebase in particular, you need to write code to set a hard spending limit. You can't simply set a spending limit from the UI. You can find the documentation here: https://cloud.google.com/billing/docs/how-to/notify#cap_disable_billing_to_stop_usage

    In general, never publish software that's billed in a pay-for-play way without setting a spending limit to protect yourself. You'll be surprised at the number of hackers who are just looking for an opportunity to ruin some indie dev's day.

    Another option is to use a tiered service like Heroku where you just get billed a certain amount each month for a certain amount of compute, database rows, etc. If you don't use it all, you are indeed overpaying, but if you go over, your app will simply be spotty while you don't go bankrupt. Good tradeoff IMHO.

    • 1
      Junior Engineer [OP]
      JPMorgan Chase
      a month ago

      Hey Alex, thanks for the reply!

      I’m definitely going to check out the resource you linked to cap Firebase spending.

      Also, I agree - I don’t think publishing software using pay-to-play services is advisable.
      However, my problem is there isn’t even a way to cap spending on the big cloud providers, like AWS or Azure - not even a hacky workaround.

      This means there isn’t a way to protect oneself when using these platforms. 

      Does this mean it’s basically never a good idea to use services from these platforms, and if so, what might you do if you need a specific niche service that’s not available elsewhere?

    • 0
      Tech Lead @ Robinhood, Meta, Course Hero
      a month ago

      I have never directly used AWS or Azure, but is it really impossible to create this logic flow?

      1. In your server logic, check to see how much spend you've generated for this day/week/month
      2. If the number is insane, shut everything down

      That's pretty much what we did for Firebase, haha.

      If that's not possible, then these options indeed seem terrible for a casual side project unless you want to set spending alerts and effectively be on 24/7 oncall.
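The hard cap the two comments above describe (budget notification comes in, code checks the spend against the limit, and if it is over the line the project's billing is cut so nothing can keep charging) in working form. This is an added example, not code from this thread, from Taro, or from Google. Assumptions: the event is the JSON that a Cloud Billing budget publishes to Pub/Sub (fields such as costAmount, budgetAmount, currencyCode, base64-encoded in the message's data field); billing is cut with the Cloud Billing API call projects.updateBillingInfo with an empty billingAccountName, which is isolated behind a callable so the file runs offline; the project id, budget name and cost figures are constructed sample data.

```python
"""Budget kill switch for a GCP/Firebase project (added example, not the thread's code).

Assumed shape of the Pub/Sub budget notification and the billing API calls are
stated in the lead-in; the real API calls live in gcp_* functions that import
lazily, so everything else runs offline.
"""
import base64
import json
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Decision:
    cut_billing: bool   # True when billing was (or would be) disabled
    reason: str
    cost: float
    budget: float


def parse_budget_notification(pubsub_message: dict) -> dict:
    """Decode the base64 JSON body of a budget notification and validate it."""
    data = pubsub_message.get("data")
    if not data:
        raise ValueError("budget notification has no data field")
    payload = json.loads(base64.b64decode(data).decode("utf-8"))
    for key in ("costAmount", "budgetAmount", "currencyCode"):
        if key not in payload:
            raise ValueError(f"budget notification missing {key}")
    return payload


def decide(payload: dict, cap_ratio: float = 1.0, billing_enabled: bool = True) -> Decision:
    """Decide whether spend has crossed the hard cap (cap = budget * cap_ratio).

    Refuses to act on a zero budget (a misconfigured budget must not nuke the
    project) and is idempotent: once billing is off, later notifications are no-ops.
    """
    cost = float(payload["costAmount"])
    budget = float(payload["budgetAmount"])
    cap = budget * cap_ratio
    currency = payload["currencyCode"]
    if budget <= 0:
        return Decision(False, "budget amount is zero; refusing to act", cost, budget)
    if not billing_enabled:
        return Decision(False, "billing already disabled; nothing to do", cost, budget)
    if cost >= cap:
        return Decision(True, f"cost {cost:.2f} {currency} >= cap {cap:.2f}", cost, budget)
    return Decision(False, f"cost {cost:.2f} {currency} below cap {cap:.2f}", cost, budget)


def handle_budget_event(pubsub_message: dict, project_id: str,
                        disable_billing: Callable[[str], None],
                        is_billing_enabled: Callable[[str], bool],
                        cap_ratio: float = 1.0) -> Decision:
    """Entry point a Pub/Sub-triggered Cloud Function would call."""
    payload = parse_budget_notification(pubsub_message)
    decision = decide(payload, cap_ratio, billing_enabled=is_billing_enabled(project_id))
    if decision.cut_billing:
        disable_billing(project_id)
    return decision


def gcp_is_billing_enabled(project_id: str) -> bool:
    """Real check via the Cloud Billing API (needs google-api-python-client and IAM rights)."""
    from googleapiclient import discovery  # lazy import: keeps the module runnable offline
    billing = discovery.build("cloudbilling", "v1", cache_discovery=False)
    info = billing.projects().getBillingInfo(name=f"projects/{project_id}").execute()
    return bool(info.get("billingEnabled"))


def gcp_disable_billing(project_id: str) -> None:
    """Real cut: detach the billing account. Every billable resource in the project stops."""
    from googleapiclient import discovery
    billing = discovery.build("cloudbilling", "v1", cache_discovery=False)
    billing.projects().updateBillingInfo(
        name=f"projects/{project_id}", body={"billingAccountName": ""}).execute()


def _message(payload: dict) -> dict:
    """Wrap a payload the way Pub/Sub delivers it (constructed sample data)."""
    return {"data": base64.b64encode(json.dumps(payload).encode()).decode()}


# Constructed sample notifications: one over the cap, one under it.
SAMPLE_OVER_CAP = _message({"budgetDisplayName": "side-project-cap", "alertThresholdExceeded": 1.0,
                            "costAmount": 140.37, "costIntervalStart": "2024-01-01T08:00:00Z",
                            "budgetAmount": 100.0, "budgetAmountType": "SPECIFIED_AMOUNT",
                            "currencyCode": "USD"})
SAMPLE_UNDER_CAP = _message({"budgetDisplayName": "side-project-cap", "costAmount": 42.10,
                             "costIntervalStart": "2024-01-01T08:00:00Z", "budgetAmount": 100.0,
                             "budgetAmountType": "SPECIFIED_AMOUNT", "currencyCode": "USD"})

if __name__ == "__main__":
    cut_projects = []  # fake side effect instead of the real API call
    for msg in (SAMPLE_UNDER_CAP, SAMPLE_OVER_CAP):
        d = handle_budget_event(msg, "demo-project", cut_projects.append, lambda _p: True)
        print(d.cut_billing, d.reason)
    print("billing disabled on:", cut_projects)
```

Two caveats a practitioner should know before relying on this: budget notifications are not real time, so a burst of traffic can run past the cap before the message arrives, and detaching the billing account stops everything billable in the project, including the function running this code, so try it first on a throwaway project and give the function's service account only the billing permission it needs.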

  • 1
    Mid-Level Software Engineer [SDE 2] at Amazon
    a month ago
    • 0
      Tech Lead @ Robinhood, Meta, Course Hero
      a month ago

      The billing alerts help for sure, but the fear is that you're attacked in the dead of night and a lot of hackers operate in non-Western time zones.

  • 2
    Founding ML Engineer @ Lancey (YC S22)
    a month ago

    AWS is very good at refunding/refuting bills if you accidentally rack it up. I was working on a personal project and somehow launched some ML canvas that runs and charges until you shut it down. I swore I closed it but I kept seeing my bill increase daily. In the end it was $300.

    I reached out to AWS support and turns out it was open in a different region. I spent 2 hours working with support. You have to manually toggle to that region and only then does it show up. I was like, how is it charging me? I literally don't see it running. Luckily AWS helped me through it and refunded everything. Normally for small charges, as long as you act promptly, they will refund it.

    This is mainly for services left running though. I'm not sure how AWS works if you rack up a large bill because of an attack.

    It's quite important to get familiar with cloud, so my personal suggestion is to go through the flow and get everything running for the learning experience and then shut it down. Then deploy it elsewhere like railway.app or Heroku. I like Railway a lot.

    As Daniel said, you can also set billing alerts and also alerts for unusual activity.
